Abstract — In 2009, Sole and Zinoviev (Eur. J. Combin., vol. 30,
no. 2, pp. 458-467, 2009) proposed an open problem of arithmetic
interest: to study the period of the inversive pseudorandom
number generators (IPRNGs) and to give conditions bearing on
$a$, $b$ to achieve maximal period. We focus on resolving this open
problem. In this paper, the period distribution of the IPRNGs
over the Galois ring $(\mathbb{Z}_{p^e}, +, \times)$ is considered, where $p > 3$ is a
prime and $e > 2$ is an integer. The IPRNGs are transformed to
2-dimensional linear feedback shift registers (LFSRs) so that the
analysis of the period distribution of the IPRNGs is transformed
to the analysis of the period distribution of the LFSRs. Then, by
employing some analytical approaches, the full information on
the period distribution of the IPRNGs is obtained, that is, exact
statistics on the period of the IPRNGs are made by counting
the number of IPRNGs of a specific period when $a$, $b$ and $x_0$
traverse all elements in $\mathbb{Z}_{p^e}$. The analysis process also indicates
how to choose the parameters and the initial values such that
the IPRNGs fit specific periods.

Index Terms — Inversive pseudorandom number generator
(IPRNG), linear feedback shift register (LFSR), period
distribution, Galois ring.



I. Introduction 

A pseudorandom number generator (PRNG) is a deterministic
algorithm that produces a long sequence of numbers
that appear random and indistinguishable from a stream of
random numbers. PRNGs are widely employed in engineering
applications, e.g., generation of cryptographic keys and random
initialization of certain variables in cryptographic protocols
[1]. PRNGs are implemented on finite-state machines; thus,
the sequences generated by them are ultimately periodic. In
cryptographic applications of PRNGs, a long period is often
required. In this case, the full information on the period
distribution of the PRNGs plays an important role. If the full
information on the period distribution of PRNGs is known,
one will be able to choose suitable parameters and initial
values such that the PRNGs fit specific periods.

In [2]-[5], the detailed period distribution of several linear
map based PRNGs, such as the Arnold cat map [6] and the
Chebyshev map [7], has been studied. In [8], a nonlinear map
based PRNG called IPRNG was proposed, which is shown as
follows:

$$x_{n+1} = \begin{cases} a x_n^{-1} + b \bmod p, & x_n \neq 0 \\ b, & x_n = 0 \end{cases}$$

for all $n \ge 0$, where $a, b \in GF(p)$ and its initial value is
$x_0 \in GF(p)$.

Soon afterwards, the study of the properties of IPRNGs
became a hot topic. In [9]-[12], the distribution properties of
the IPRNGs were studied. In [13], the complexity profile of
the IPRNGs was considered. In [14], the period of the IPRNGs
was investigated; the considered state space was a Galois field,
but the authors did not provide the full information on the
period distribution of IPRNGs. Here, we will further consider
the full information on the period distribution of IPRNGs
over $(\mathbb{Z}_{p^e}, +, \times)$. However, the structure of $(\mathbb{Z}_{p^e}, +, \times)$ is more
complicated than that of Galois fields, that is, $(\mathbb{Z}_{p^e}, +, \times)$
contains many zero divisors but the Galois field does not.

In 2009, Sole and Zinoviev [15] provided a novel construction
of IPRNGs as follows:

l +b 



<P(p«x) = 



p k ax 



xeR x 
x = 



where $R$ is a Galois ring, $R^\times$ is the group of units of $R$,
$\phi$ is the map from $R$ to itself, $a, b \in R^\times$ and $x_0 \in R$. The
discrepancy estimates of the IPRNGs both for the full period
and for certain special parts of the period were considered. In
order to generalize these estimates to arbitrary parts of the
period, the authors proposed an open problem of arithmetic
interest to study the period of the inversive pseudorandom
number generators and to give conditions bearing on $a$, $b$ to
achieve maximal period.

Motivated by the above discussions, we focus on analyzing 
the full information on the period distribution of the inversive 
pseudorandom number generators (IPRNGs) over the Galois
ring $(\mathbb{Z}_{p^e}, +, \times)$, where $p > 3$ is a prime and $e > 2$ is an
integer. The IPRNGs considered in this paper are transformed 
to 2-dimensional LFSRs so that the analysis of the period 
distribution of the IPRNGs is transformed to the analysis of the 
period distribution of the LFSRs. Then, the full information 
on the period distribution of IPRNGs is obtained by some 
analytical approaches, i.e., analyzing the general terms of 
the LFSRs and the order of the roots of the characteristic 
polynomial of the LFSRs. The analysis process also indicates 
how to choose the parameters and the initial values such 
that the IPRNGs fit specific periods. It is noteworthy that the 
analysis of the order of the roots of the polynomials is also 
useful in the analysis of the period of the polynomials which 
is an interesting problem in the analysis of sequences over 
Galois rings [16]-[19].
II. Preliminaries

In this section, some concepts and notations on Galois rings
and IPRNGs employed in this paper are introduced. For more
detailed knowledge of Galois fields and Galois rings, please
refer to [20], [21].

A. Galois Rings of Characteristic $p^e$

Let $p > 3$ be a prime and $e > 2$ be an integer. $(\mathbb{Z}_{p^e}, +, \times)$
denotes a Galois ring where addition and multiplication are
both modular operations. A monic polynomial $f(t)$ is said to
be a basic irreducible polynomial of degree $n$ over $\mathbb{Z}_{p^e}$ if
$f(t) \bmod p$ is a monic irreducible polynomial over $\mathbb{Z}_p$. The
Galois ring $R_{e,n} = GR(p^e, n)$ is the unique extension of degree
$n$ over $\mathbb{Z}_{p^e}$ and is isomorphic to $\mathbb{Z}_{p^e}[t]/(f(t))$, where $f(t)$ is
a monic basic irreducible polynomial of degree $n$ over $\mathbb{Z}_{p^e}[t]$.
$R_{e,n}$ is a local ring with unique maximal ideal $(p) = pR_{e,n}$,
which contains all zero divisors and the zero of $R_{e,n}$. The units
$R_{e,n}^\times = R_{e,n} \setminus (p)$ are contained in a multiplicative group with
the following structure:

$$R_{e,n}^\times = G_1 \times G_2$$

where $G_1$ is a cyclic group of order $p^n - 1$ and $G_2$ is a direct
product of $n$ cyclic groups each of order $p^{e-1}$.

Define $T_{e,n} = \{0, 1, \xi, \ldots, \xi^{p^n-2}\}$ to be the Teichmüller set in
$R_{e,n}$, where $\xi \in R_{e,n}$ is a nonzero element of order $p^n - 1$,
and $T_{e,n}^* = T_{e,n} \setminus \{0\}$. Then $G_1 = \langle \xi \rangle$ is of order $p^n - 1$ and
$G_2 = \{1 + \theta : \theta \in (p)\}$ is of order $p^{(e-1)n}$.

It can be shown that every element $c \in R_{e,n}$ has a unique
$p$-adic expansion

$$c = a_0 + a_1 p + \ldots + a_{e-1} p^{e-1}$$

where 

Throughout this paper, all the arithmetical operations are
in $(R_{e,n}, +, \times)$. For $\alpha \in R_{e,n}$, denote $\mathrm{ord}(\alpha)$ as the order of
$\alpha$. $\varphi(n)$, i.e., Euler's totient function, denotes the number of
positive integers which are both less than or equal to the
positive integer $n$ and coprime with $n$.

B. IPRNGs in $\mathbb{Z}_{p^e}$

In this paper, we study the following IPRNG over Galois
rings, which is a direct generalization of the IPRNGs considered
in [8]. Given an arbitrary element $x \in \mathbb{Z}_{p^e}$, the IPRNG
over $\mathbb{Z}_{p^e}$ is

$$\phi(x) = \begin{cases} a x^{-1} + b, & x \in \mathbb{Z}_{p^e}^\times \\ b, & x \in (p) \end{cases} \qquad (1)$$

where $a, b \in \mathbb{Z}_{p^e}$. The initial value associated with (1) is given
by $x_0 \in \mathbb{Z}_{p^e}$.

Set $\phi^0(x) = x$ and $\phi^{i+1} = \phi \circ \phi^i$ for all $i = 0, 1, \ldots$. Starting
from an initial value $x_0 \in \mathbb{Z}_{p^e}$, the recurrence $x_{n+1} = \phi^{n}(x_0)$
($n = 1, 2, \ldots$) generates a sequence $x_0, x_1, \ldots$ over $\mathbb{Z}_{p^e}$. For
every initial value $x_0 \in \mathbb{Z}_{p^e}$, the smallest integer $L(x_0; a, b)$ such
that $x_{n+L(x_0;a,b)} = x_n$ for all $n \ge n_0$ is called the period of the
IPRNG corresponding to $x_0$, where $n_0$ is a nonnegative integer.
Here, we denote $\phi(\mathbb{Z}_{p^e}) = \{\phi(x) : x \in \mathbb{Z}_{p^e}\}$ and let $|\phi(\mathbb{Z}_{p^e})|$ be
the cardinality of $\phi(\mathbb{Z}_{p^e})$.
Fig. 1. Period distribution of IPRNGs with $a \in (5)$ in $\mathbb{Z}_{5^3}$

The full information on the period distribution is obtained
by finding all possible $L(x_0; a, b)$'s and then counting the number of
occurrences of a specific $L(x_0; a, b)$ when $a$, $b$ and $x_0$ traverse all possible
elements in $\mathbb{Z}_{p^e}$, where $p > 3$ is an odd prime and $e > 2$ is
an integer. The period distribution for $p = 2$ and $p = 3$ needs
special analysis.

III. Period distribution of IPRNGs with $a \in (p)$ in $\mathbb{Z}_{p^e}$

When $a \in (p)$, the number of IPRNGs is $p^{3e-1}$. It helps
to first get an impression of what the period distribution
with $a \in (p)$ looks like. Fig. 1 is a plot of the period
distribution of IPRNGs with $a \in (5)$ in $\mathbb{Z}_{5^3}$. It shows that
all the periods are 1. In the following, the period distribution
rules will be worked out analytically.

In the following, we will provide some lemmas, which are
necessary to discuss the period distribution of the IPRNGs
with $a \in (p)$.

Lemma 1: For IPRNG (1) with $a \in (p)$ and $a \neq 0$, if $a =
c_k p^k$ where $1 \le k < e$ and $c_k \in \mathbb{Z}_{p^e}^\times$, then $\phi(x) = \phi(x + p^{e-k})$
for all $x \in \mathbb{Z}_{p^e}$ and $x + p^{e-k} \in \mathbb{Z}_{p^e}$.

Proof: The proof is divided into two cases.

Case I: $x \in (p)$ and $x + p^{e-k} \in (p)$. Then, we can get that
$\phi(x) = \phi(x + p^{e-k}) = b$.

Case II: $x \in \mathbb{Z}_{p^e}^\times$ and $x + p^{e-k} \in \mathbb{Z}_{p^e}^\times$. Then, $x^{-1} \in \mathbb{Z}_{p^e}^\times$ and
$(x + p^{e-k})^{-1} \in \mathbb{Z}_{p^e}^\times$. From

$$x + p^{e-k} \equiv x \pmod{p^{e-k}},$$

we have

$$(x + p^{e-k})^{-1} \equiv x^{-1} \pmod{p^{e-k}},$$

which implies that

$$p^{e-k} \mid \left((x + p^{e-k})^{-1} - x^{-1}\right).$$

Hence,

$$p^e \mid c_k p^k \left((x + p^{e-k})^{-1} - x^{-1}\right),$$

which means that

$$c_k p^k (x + p^{e-k})^{-1} + b \equiv c_k p^k x^{-1} + b \pmod{p^e}.$$
Then,

0(x + = 

Combining Case I and Case II, we have proven this lemma. 
The proof is completed. ■ 
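Lemma 2: For IPRNG (1) with $a \in (p)$ and $a \neq 0$,

$$\cdots \subseteq \phi^r(\mathbb{Z}_{p^e}) \subseteq \cdots \subseteq \phi^1(\mathbb{Z}_{p^e}) \subseteq \phi^0(\mathbb{Z}_{p^e}).$$

Proof: We will prove this lemma by mathematical induction.

Basis: For $r = 1$, it is obvious that $\phi^1(\mathbb{Z}_{p^e}) \subseteq \phi^0(\mathbb{Z}_{p^e})$.

Inductive step: Assume $\phi^{r+1}(\mathbb{Z}_{p^e}) \subseteq \phi^r(\mathbb{Z}_{p^e})$ holds for $r \ge 1$.
Then for any $\phi^{r+2}(x) \in \phi^{r+2}(\mathbb{Z}_{p^e})$, we can get that $\phi^{r+1}(x) \in
\phi^{r+1}(\mathbb{Z}_{p^e})$. Since $\phi^{r+1}(\mathbb{Z}_{p^e}) \subseteq \phi^r(\mathbb{Z}_{p^e})$, there exists a $\phi^r(x') \in
\phi^r(\mathbb{Z}_{p^e})$ such that $\phi^{r+1}(x) = \phi^r(x')$; thus $\phi^{r+2}(x) = \phi^{r+1}(x') \in
\phi^{r+1}(\mathbb{Z}_{p^e})$. This means that $\phi^{r+2}(\mathbb{Z}_{p^e}) \subseteq \phi^{r+1}(\mathbb{Z}_{p^e})$.

Since both the basis and the inductive step have been
proved, it has now been proved by mathematical induction
that $\cdots \subseteq \phi^r(\mathbb{Z}_{p^e}) \subseteq \cdots \subseteq \phi^1(\mathbb{Z}_{p^e}) \subseteq \phi^0(\mathbb{Z}_{p^e})$. The proof is
completed. ■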

Lemma 3: For IPRNGs (1) with $a \in (p)$ and $a \neq 0$, there
exists an integer $r_0 > 0$ such that $|\phi^r(\mathbb{Z}_{p^e})| < |\phi^{r-1}(\mathbb{Z}_{p^e})|$ for all
$1 \le r \le r_0$ and $|\phi^r(\mathbb{Z}_{p^e})| = 1$ for all $r \ge r_0$.

Proof: It follows from Lemma 2 that $\cdots \le |\phi^r(\mathbb{Z}_{p^e})| \le \cdots \le
|\phi^1(\mathbb{Z}_{p^e})| \le |\phi^0(\mathbb{Z}_{p^e})|$. Since $0 < |\phi^r(\mathbb{Z}_{p^e})| < +\infty$ for all $r \ge 0$,
there exists an integer $r_0 > 0$ such that $|\phi^r(\mathbb{Z}_{p^e})| < |\phi^{r-1}(\mathbb{Z}_{p^e})|$
for all $1 \le r \le r_0$ and the $|\phi^r(\mathbb{Z}_{p^e})|$ are equal for all $r \ge r_0$.

In the following, we will prove that $|\phi^r(\mathbb{Z}_{p^e})| = 1$ for all
$r \ge r_0$. Here, we only consider the case that $|\phi^r(\mathbb{Z}_{p^e})| = 2$ for
all $r \ge r_0$; the case $|\phi^r(\mathbb{Z}_{p^e})| > 2$ can be considered
similarly.

For $|\phi^r(\mathbb{Z}_{p^e})| = 2$, we assume that there exists $r' \ge r_0$ such
that $\phi^{r'}(\mathbb{Z}_{p^e}) = \{x_1, x_2\}$ and $\phi^{r'+1}(\mathbb{Z}_{p^e}) = \{x_1, x_2\}$ with |
$(x_1 - x_2)$. If either $x_1 \in (p)$ or $x_2 \in (p)$, then contradictions
will be easily derived. For $x_1 \in \mathbb{Z}_{p^e}^\times$ and $x_2 \in \mathbb{Z}_{p^e}^\times$, there are
two cases.

Case I: $\phi(x_1) = x_2$ and $\phi(x_2) = x_1$. Then, we can get that
$\phi(\phi(x_1)) = \phi(x_2)$. Thus, there exists an integer $n \neq 0$ such that
$\phi(x_1) = x_2 + np^{e-k}$. Then, we have $x_2 = x_2 + np^{e-k}$. This is a
contradiction.

Case II: $\phi(x_1) = x_1$ and $\phi(x_2) = x_2$. There are two subcases.
Subcase i: $p^k \nmid (x_1 - x_2)$. It follows from $\phi(x_1) = ax_1^{-1} + b$
and $\phi(x_2) = ax_2^{-1} + b$ that

$$a(x_1^{-1} - x_2^{-1}) = x_1 - x_2. \qquad (2)$$

For $a = c_k p^k$, $p^k \mid (x_1 - x_2)$. This contradicts $p^k \nmid (x_1 - x_2)$.

Subcase ii: $p^k \mid (x_1 - x_2)$. In this case, we assume that
$x_1 - x_2 = c'_k p^m$, where $m \ge k$ and $c'_k \in \mathbb{Z}_{p^e}^\times$. Thus,

$$x_1 \equiv x_2 \pmod{p^m}.$$

Then

$$x_1^{-1} \equiv x_2^{-1} \pmod{p^m}.$$

From (2), we can get that

$$c_k p^k (x_1^{-1} - x_2^{-1}) = c'_k p^m,$$

which means that

$$(x_1^{-1} - x_2^{-1}) = c_k^{-1} c'_k p^{m-k}. \qquad (3)$$



TABLE I

Period distribution of IPRNGs with $a \in (p)$ in $\mathbb{Z}_{p^e}$

Fig. 2. Period distribution of IPRNGs with $a \in \mathbb{Z}_{5^3}^\times$ and $b \in (5)$ in $\mathbb{Z}_{5^3}$

From (3), we have

$$x_1^{-1} \not\equiv x_2^{-1} \pmod{p^m},$$

From Subcase i and Subcase ii, we have that $\phi(x_1) = x_1$ and
$\phi(x_2) = x_2$ lead to a contradiction.

Lemma 3 has been proven by combining Case I and Case 
II. The proof is completed. ■ 

Now, we are ready to establish our main theorem for the period
distribution of IPRNGs with $a \in (p)$ on the basis of Lemma
3.

Theorem 1: For IPRNGs with $a \in (p)$, the possible periods
and the number of each special period are given in Table I.
Proof: Period analysis.

If $a = 0$, then it is obvious that $L(x_0; a, b) = 1$.

If $a \neq 0$, then by Lemma 3, we can get that there exists an
integer $r_0$ such that $\phi^{r+1}(x_0) = \phi^r(x_0)$ for all $r \ge r_0$. Thus,
$L(x_0; a, b) = 1$.

Counting.

When $a$ traverses all elements in $(p)$, and $b$ and $x_0$ traverse all
elements in $\mathbb{Z}_{p^e}$, respectively, there are $p^{3e-1}$ IPRNGs with
$L(x_0; a, b) = 1$. The proof is completed. ■

IV. Period distribution of IPRNGs with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$ in $\mathbb{Z}_{p^e}$

When $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$, the number of IPRNGs is
$(p - 1)p^{3e-2}$. It helps to first get an impression of what
the period distribution with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$ looks like. Fig.
2 is a plot of the period distribution of IPRNGs with $a \in \mathbb{Z}_{5^3}^\times$
and $b \in (5)$ in $\mathbb{Z}_{5^3}$. It can be seen from Fig. 2 that the periods
are distributed very sparsely: some exist and some do not. In the
following, the period distribution rules for $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$
will be worked out analytically.
We rewrite IPRNGs (1) as

$$x_{n+1} = \begin{cases} a x_n^{-1} + b, & x_n \in \mathbb{Z}_{p^e}^\times \\ b, & x_n \in (p) \end{cases} \qquad (4)$$

for all $n \ge 0$, where $a \in \mathbb{Z}_{p^e}^\times$ and $b \in \mathbb{Z}_{p^e}$.

Hereafter, for presentation convenience, we denote
$S(x_0; a, b)$ as the sequence generated by (4) from initial value
$x_0$.

In order to get the main results in the rest of this paper, we
provide an important lemma which transforms the IPRNGs
to 2-dimensional linear feedback shift registers (LFSRs). This
lemma is an extended version of Lemma 1 in [14].

Lemma 4: Let $a, b, x_0 \in \mathbb{Z}_{p^e}$. Define the LFSR

$$y_{n+2} = b y_{n+1} + a y_n, \qquad (5)$$

for all $n \ge 0$, where $y_0 = 1$, $y_1 = x_0$. Then if $m > 0$ is an
integer such that $y_n \in \mathbb{Z}_{p^e}^\times$ for all $0 \le n \le m$, then $x_n = y_{n+1} y_n^{-1}$
for all $0 \le n \le m$. Moreover, $m$ is the smallest positive integer
satisfying $x_m \in (p)$ if and only if $m + 1$ is the smallest integer
satisfying $y_{m+1} \in (p)$.

Proof: We will prove this lemma via mathematical induction.

Basis: For $n = 1$, it is obvious that $x_0 = y_1 y_0^{-1}$.
Inductive step: Assume $x_k = y_{k+1} y_k^{-1}$ holds for $n = k$, where
$0 \le k \le m - 1$. By $y_{k+2} = b y_{k+1} + a y_k$, we can get that



a yky k l\ + b 
a{yk+\yk l T l + b > 



which means that 



Xk+ 1 



Since both the basis and the inductive step have been proved,
it has now been proved by mathematical induction that $x_n =
y_{n+1} y_n^{-1}$ for all $0 \le n \le m$.

By the first assertion of this lemma, we can prove the second 
assertion. The proof is completed. ■ 

For $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$, we provide a useful lemma,
which can be found in [11].

Lemma 5: IPRNG (4) is a permutation of $\mathbb{Z}_{p^e}^\times$ if and only
if $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$.

Remark 1: It follows from Lemma 5 that if $a \in \mathbb{Z}_{p^e}^\times$ and
$b \in (p)$, then $S(x_0; a, b)$ does not contain any element in $(p)$
for all $x_0 \in \mathbb{Z}_{p^e}^\times$. This situation is quite different from the
case $a \in \mathbb{Z}_{p^e}^\times$ and $b \in \mathbb{Z}_{p^e}^\times$, in which $S(x_0; a, b)$ may contain
elements in $(p)$ for some $x_0 \in \mathbb{Z}_{p^e}^\times$, which will be proved later
in Section V. This is the reason why we consider these two
cases separately.

By Lemma 5, if $x_0 \in (p)$, then $x_n = b$ for all $n \ge 1$. Thus,
$L(x_0; a, b) = 1$. In this case, there are $(p - 1)p^{e-1}$, $p^{e-1}$ and
$p^{e-1}$ choices of $a$, $b$ and $x_0$, respectively. Therefore, there are
$(p - 1)p^{3e-3}$ IPRNGs of period 1 for this case. In the following,
we will analyze the period distribution of IPRNGs for the case that
$x_0 \in \mathbb{Z}_{p^e}^\times$.



Denote $f(t) = t^2 - bt - a$ as the characteristic polynomial
of recurrence relation (5). Let $\alpha, \beta$ be the two roots of $f(t)$, i.e.,
$f(t) = (t - \alpha)(t - \beta)$. It can be seen that each pair of $a, b$ is
uniquely determined by a pair of $\alpha, \beta$. It should be pointed out
that $\alpha - \beta$ is always a unit. Actually, it follows from $b \in (p)$
that $p \mid \alpha + \beta$. If $p \mid \alpha - \beta$, then it can be obtained that $p \mid \alpha$.
Since $a = -\alpha\beta$, it holds that $p \mid a$. This contradicts $a \in \mathbb{Z}_{p^e}^\times$.
Then, we can get the general terms of LFSR (5):

$$y_n = (\alpha - \beta)^{-1}\left((x_0 - \beta)\alpha^n + (\alpha - x_0)\beta^n\right), \qquad (6)$$

for all $n \ge 0$.

By Lemma 4 and (6), we have the following lemma.
Lemma 6: If $m > 0$ is an integer such that $y_n \in \mathbb{Z}_{p^e}^\times$ for all
$0 \le n \le m$, then $x_n = x_0$ if and only if

$$(x_0 - \alpha)(x_0 - \beta)\alpha^n = (x_0 - \alpha)(x_0 - \beta)\beta^n.$$

On the basis of the above discussions, the period distribution
of IPRNGs is analyzed in the following two cases: A. $f(t)$ is
reducible in $\mathbb{Z}_{p^e}[t]$; B. $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$ but reducible
in its extension ring $\mathbb{Z}_{p^e}[t]/(f(t))$.

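A. $f(t)$ Is Reducible in $\mathbb{Z}_{p^e}[t]$

In this case, $\alpha, \beta$ are in $\mathbb{Z}_{p^e}^\times$. Let $\alpha = \sum_{i=0}^{e-1} c_i p^i$, $\beta = \sum_{i=0}^{e-1} d_i p^i$
and $x_0 = \sum_{i=0}^{e-1} h_i p^i$, where $c_0, d_0, h_0 \in \mathbb{Z}_p^\times$ and $c_i, d_i, h_i \in \mathbb{Z}_p$ for
all $i = 1, 2, \ldots, e - 1$.

Suppose either $x_0 - \alpha$ or $x_0 - \beta$ is zero. By (6), we have $y_n = x_0^n$
for all $n \ge 1$. Thus, $x_n = x_0$ for all $n \ge 1$, which means that
$L(x_0; a, b) = 1$.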

As a traverses all elements in Z^ e , there are (/? - \)p e ~ l 
choices of a. Once a is chosen, there are p e ~ l /Ts such that 
p \ a+p. Since each /(f) is uniquely determined by a pair of 
a,f5, it holds that there are - reducible /(f)'s in Z p «[f], 
which means that there are ^"'^ — pairs of a, f>. Once a,/? are 
chosen, there are two choices of xq. Thus, there are (p-l)p 2e ~ 2 
IPRNGs of period 1. 

Two cases remain: 1) both $x_0 - \alpha$ and $x_0 - \beta$ are
units; 2) one of $x_0 - \alpha$ and $x_0 - \beta$ is a zero divisor.

1) Both $x_0 - \alpha$ and $x_0 - \beta$ are units: It follows from Lemma 6
that $n = \mathrm{ord}(\alpha\beta^{-1})$ is the smallest integer such that Lemma 6
holds. Thus, $L(x_0; a, b) = \mathrm{ord}(\alpha\beta^{-1})$.

It should be mentioned that $\alpha\beta^{-1} - \alpha^{-1}\beta$ is a zero divisor for
this case. Indeed, $\alpha\beta^{-1} - \alpha^{-1}\beta = \alpha^{-1}\beta^{-1}(\alpha - \beta)(\alpha + \beta)$. Since
$b \in (p)$ and $b = \alpha + \beta$, it must hold that $p \mid \alpha\beta^{-1} - \alpha^{-1}\beta$.

Now, we are ready to present our results on the period
distribution of IPRNGs for this case.

Proposition 1: Suppose $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$ and $\alpha - \beta$
is a unit. If both $x_0 - \alpha$ and $x_0 - \beta$ are units, then the number of
IPRNGs of period 2 is $\frac{(p-3)(p-1)p^{2e-2}}{2}$; the number of IPRNGs
of period $2p^{e-k}$ is $\frac{(p-3)(p-1)^2 p^{3e-k-3}}{2}$, where $1 \le k \le e - 1$.

Proof: Period analysis. 
By previous discussion, we have L(xq, a, b) = ord(ayS _1 ). Let 
o/T 1 = E£o fl ''J 3 '' and a '/^ = DKjfoi/j', where a ,^o e Z^, 
fl/,ii 6 Z p for all i = 1,2, ...,e — 1. Since a/? -1 - cT x fi is 
a zero divisor, it holds that ao = bo. On the other hand, as 
afT 1 - (a~ l P)~ l , it is valid that aobo = 1. Thus, ao — bo — 1 
or ao = bo = p — 1. Since f> € (p), it holds that aT^b 1 + 2 = 
p - 2(mod/?), thus, ao = bo = /? - 1. 

If $b = 0$, then $\alpha + \beta = 0$. Thus, $\alpha\beta^{-1} + 1 = 0$, which means
that $a_i = 0$ for all $i = 1, 2, \ldots, e - 1$. Hence, $\mathrm{ord}(\alpha\beta^{-1}) = 2$.

If $1 \le k \le e - 1$ is the largest integer such that $p^k \mid b$, then
$p^k \mid \alpha\beta^{-1} + 1$. Hence, $\mathrm{ord}(\alpha\beta^{-1}) = 2p^{e-k}$.



SUBMITTED TO IEEE TRANSACTIONS ON INFORMATION THEORY 






Counting. 

If b = 0, then the choice of b is unique. If p k \ b, then 
a, = for all i = 1,2, . . . ,k — 1, a* € Z* and a,- e Z p for all 
i = k+ 1, & + 2, . . . , e — 1, there are (p - l)p e ~ k ~ l choices of b. 
Once b is chosen, there are — — choices of a. 

It follows form both xq - a and xq - /3 are units that there 
are p - 3 choices of Iiq and p choices of hi for each i - 
1,2, ...,e — 1. Thus, for each pair of a,f\ there are (p-3)p e ~ 1 
choices of xq. Therefore, the number of IPRNGs of period 2 
is (n-Wp-Dp 2 - 2 _ The number of iprnGs of period 2p e - k is 

(p i)(.p i) p ^ where 1 < £ < e — 1. The proof is completed. 

■ 

2) One of $x_0 - \alpha$ and $x_0 - \beta$ is a zero divisor: In this case,
$x_0 - \alpha$ and $x_0 - \beta$ cannot both be zero divisors. Without loss
of generality, we suppose $x_0 - \alpha$ is a zero divisor and $x_0 - \beta$
is not. Let $1 \le k \le e - 1$ be the largest integer such that
$p^k \mid x_0 - \alpha$; then by Lemma 6, we have $p^k(\alpha\beta^{-1})^n = p^k$. Let
$(\alpha\beta^{-1})^n = \sum_{i=0}^{e-1} g_i p^i$, where $g_i \in \mathbb{Z}_p$; then we have

$$p^k(g_0 + g_1 p + \cdots + g_{e-k-1} p^{e-k-1}) = p^k,$$

which means that

$$g_0 + g_1 p + \cdots + g_{e-k-1} p^{e-k-1} = 1. \qquad (7)$$

Define $\eta^e_k$ to be the reduction map from $\mathbb{Z}_{p^e}$ to $\mathbb{Z}_{p^{e-k}}$; then
$n = \mathrm{ord}(\eta^e_k(\alpha\beta^{-1}))$ is the smallest integer such that (7)
holds, which means that $L(x_0; a, b) = \mathrm{ord}(\eta^e_k(\alpha\beta^{-1}))$.

Now, we are ready to present our results on the period
distribution of the IPRNGs in this case.

Proposition 2: Suppose $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$ and $\alpha - \beta$
is a unit. If one of $x_0 - \alpha$ and $x_0 - \beta$ is a zero divisor, then the
number of IPRNGs of period 2 is $((e - 1)p - e + 1)(p - 1)p^{2e-2}$;
the number of IPRNGs of period $2p^{e-k-s}$ is $(p - 1)^3 p^{3e-k-s-3}$,
where $1 \le k \le e - 1$ and $1 \le s \le e - k - 1$.
Proof: Period analysis. 

Let d-yCT 1 = 2pJ a,/?', a, e Z ; , for all i = 0, 1, . . . ,e - 1. 

If b = 0, then a +/? = 0, we have a/3' 1 + 1=0. Thus, a = 
p- 1, a t = for all i = 1,2, . . . ,e- 1. Then ord^a/T 1 )) = 2. 

If e - < s < e - 1 is the largest integer such that p s \ b, 
then p s | a/3' 1 + 1, thus, rf k {a/3~ l ) = «o, which means that 
ordC^Cor 1 )) = 2. 

Ifl<i<e — fc— lis the largest integer such that p s \ b, 
then p s | a-/? -1 + 1, thus, rf k {a/3~ x ) = a + dip 1 , where 

a s eZp and a,- 6 X p for all i = s+1,5 + 2, ...,e — k— 1. Then 
01^(77^(0-^ ')) = 2p e - k - s . 

Counting. 

If L(xq; a, b) = 2, then either b = or p s \ b, where e - k < 
s < e - 1. 

As b = 0, there are < - p ~ l ^ p — choices of a and 2p e ~ l choices 
of Xq. 

As p s I fo, there are (p - 1)// l choices of b. Once b is 
chosen, there are — choices of a. Since p k \ Xq — a or 
p k I xo -/?, there are 2(p - l)p e ~ k ~ l choices of xq altogether. 

Thus, the number of IPRNGs of period 2 is 

e-l e-l 

(p - Dp 2e - 2 + 2 Z ( ^ - "> : ' 1 1 ! 

k=l s=e-k 
= ((e _l )/ ,_ e+ l )(/ ,_ i)p 2e-2 



If L(x ; a, b) = 2p e - k -\ then p s | b, where 1 < s < e - k - 1. 

As p s I b, there are (p - \)p e ~ s ~ l choices of b. Once b is 
chosen, there are - — j- — choices of a. Since p \ xq — a or 
p k I xq - f3, there are 2(p - l)p e ~ k ~ l choices of xq. 

Thus, the number of IPRNGs of period 2p e ~ k ~ s is (p - 
l) 3 p3«-*-'-3 , where 1 < Jt < e - 1 and 1 <5<e-fe-l. 
The proof is completed. ■ 

B. $f(t)$ Is Irreducible in $\mathbb{Z}_{p^e}[t]$

In this case, /(f) must be reducible in Z^[t]/(f(t)). Since 
p -f or — p, it is valid that t - a and f - /3 are coprime in Z p . 
Thus, by the Hensel's lemma in |2TI . we can get that /(f) is a 
basic irreducible polynomial in Z p . Therefore, Z ; ,t[f]/(/(f)) is 
a Galois ring which is isomorphic with R e 2- When a traverses 
all elements in Z* f and b traverses all elements in (p), there 
are (p - l)p 2e ~ 2 /(f)'s in Zpe\f\. In case A, we obtain that 
there are ^~ — /(f)' s which are reducible in Z^[f]. Thus, 
there are — J£ — /(f)'s which are irreducible in Z p r[t], which 

means that there are (p ~ — pairs of a,b such that /(f) is 
irreducible in Z [f [t\. 

Since $\alpha, \beta \in R_{e,2}$ but $\alpha, \beta \notin \mathbb{Z}_{p^e}$, it is valid that both $x_0 - \alpha$
and $x_0 - \beta$ are units for all $x_0 \in \mathbb{Z}_{p^e}$. Then, it follows from
Lemma 6 that $L(x_0; a, b) = \mathrm{ord}(\alpha\beta^{-1})$.

We present the following proposition without proof because
the proof is the same as Proposition 1.

Proposition 3: Suppose $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$. Then
the number of IPRNGs of period 2 is $\frac{(p-1)^2 p^{2e-2}}{2}$. The number of
IPRNGs of period $2p^{e-k}$ is $\frac{(p-1)^3 p^{3e-k-3}}{2}$, where $1 \le k \le e - 1$.
Proof: Period analysis. 

By previous discussion, we have L(xo,a,b) = ord(a/3~ l ). 

Let a/3- 1 = YZl a ip' and a ~ x P = ZZo b iP^ where OiM € r f>2 

for all i — 1, 2, . . . , e— 1. Since b 6 (p), it is valid that p \ a+/3. 
Thus, p I a/3^ 1 -a~ l /3, which means that «o = bo. On the other 
hand, (a/3~ l )(a~ l /3) = 1, then aobo = 1. Thus, ai = 1 which 
means that ord(ao) = 2. 

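If $b = 0$, then $\alpha + \beta = 0$. Thus, $\alpha\beta^{-1} + 1 = 0$, which means
that $\mathrm{ord}(\alpha\beta^{-1}) = 2$.

If $1 \le k \le e - 1$ is the largest integer such that $p^k \mid b$, then
$p^k \mid \alpha\beta^{-1} + 1$. Hence, $\mathrm{ord}(\alpha\beta^{-1}) = 2p^{e-k}$.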

Counting. 

If = 0, then the choice of b is unique. If p k \ b, then there 
are (p - 1)//~ A ~' choices of b. Once f> is chosen, there are 
<J '~ l ^ p — choices of a. Since both xq - a and xq- f3 are units, 
there are (p - l)// -1 choices of xq. Therefore, the number of 
IPRNGs of period 2 is i£-l££ll. The number of IPRNGs of 

period 2p e is - — ^ , where 1 < k < e — 1. The proof is 

completed. ■ 

Now, we have discussed all cases for the period distribution
of IPRNGs with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$. The overall results are
summarized in the following theorem.

Theorem 2: For IPRNGs with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$, the
possible periods and the number of each special period are
given in Table II.

Example 1: The following example is given to compare the
theoretical and experimental results. A computer program has
been written to exhaust all possible IPRNGs with $a \in \mathbb{Z}_{5^3}^\times$ and
TABLE II

Period distribution of IPRNGs with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$ in $\mathbb{Z}_{p^e}$

Periods                                                                      Number of IPRNGs
1                                                                            $(p - 1)(p^{3e-3} + p^{2e-2})$
2                                                                            $(ep - e - 1)(p - 1)p^{2e-2}$
$2p^{e-k}$, for each $1 \le k \le e - 1$                                     $(p - 1)^2 (p - 2) p^{3e-k-3}$
$2p^{e-k-s}$, for each $1 \le k \le e - 1$ and $1 \le s \le e - k - 1$       $(p - 1)^3 p^{3e-k-s-3}$

TABLE III

Period distribution of IPRNGs with $a \in \mathbb{Z}_{5^3}^\times$ and $b \in (5)$ in $\mathbb{Z}_{5^3}$

Periods             1        2        10       50
Number of IPRNGs    65000    27500    70000    150000


[Figure 3: number of IPRNGs ($\times 10^5$) plotted against periods]

Fig. 3. Period distribution of IPRNGs with $a \in \mathbb{Z}_{5^3}^\times$ and $b \in \mathbb{Z}_{5^3}^\times$ in $\mathbb{Z}_{5^3}$



$b \in (5)$ in $\mathbb{Z}_{5^3}$ to find the period by brute force; the results are
shown in Fig. 2.

Table III lists the complete result we have obtained. It 
provides full information on the period distribution of the 
IPRNGs. The maximal period is 50 while the minimal period 
is 1. As it is shown in Fig. 2 and Table III, the theoretical 
and experimental results fit well. The analysis process also 
indicates how to choose the parameters and the initial values 
such that the IPRNGs fit specific periods. 
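
The brute-force experiment of Example 1 and the LFSR correspondence of Lemma 4 can be reproduced as follows. This is an added example, not the authors' program; the function names are assumptions, and the closed-form counts are the Table II formulas as read from this page.

```python
from collections import Counter


def periods_of_map(nxt):
    """Eventual period of every start point of the map x -> nxt[x]."""
    period = [0] * len(nxt)
    for start in range(len(nxt)):
        path, pos, x = [], {}, start
        while period[x] == 0 and x not in pos:
            pos[x] = len(path)
            path.append(x)
            x = nxt[x]
        # Either the walk reached an orbit already classified,
        # or it closed a new cycle of length len(path) - pos[x].
        length = period[x] or len(path) - pos[x]
        for y in path:
            period[y] = length
    return period


def brute_force_distribution(p, e):
    """Count IPRNGs (4) per period over all unit a, all b in (p), all x0."""
    m = p ** e
    inv = {x: pow(x, -1, m) for x in range(m) if x % p}
    dist = Counter()
    for a in inv:                       # a runs over the units of Z_{p^e}
        for b in range(0, m, p):        # b runs over the ideal (p)
            nxt = [(a * inv[x] + b) % m if x % p else b for x in range(m)]
            dist.update(periods_of_map(nxt))
    return dict(dist)


def table_ii_distribution(p, e):
    """Closed-form counts of Table II (formulas as read from the page)."""
    dist = Counter()
    dist[1] += (p - 1) * (p ** (3 * e - 3) + p ** (2 * e - 2))
    dist[2] += (e * p - e - 1) * (p - 1) * p ** (2 * e - 2)
    for k in range(1, e):
        dist[2 * p ** (e - k)] += (p - 1) ** 2 * (p - 2) * p ** (3 * e - k - 3)
        for s in range(1, e - k):
            dist[2 * p ** (e - k - s)] += (p - 1) ** 3 * p ** (3 * e - k - s - 3)
    return dict(dist)


def iprng_direct(x0, a, b, p, e, steps):
    """x_0 .. x_{steps-1} by iterating map (4) directly."""
    m = p ** e
    out, x = [], x0 % m
    for _ in range(steps):
        out.append(x)
        x = (a * pow(x, -1, m) + b) % m if x % p else b % m
    return out


def iprng_via_lfsr(x0, a, b, p, e, steps):
    """x_n = y_{n+1} * y_n^{-1} from LFSR (5), while y_n stays a unit."""
    m = p ** e
    y_prev, y_cur, out = 1, x0 % m, []
    for _ in range(steps):
        if y_prev % p == 0:             # y_n in (p): Lemma 4 stops applying
            break
        out.append(y_cur * pow(y_prev, -1, m) % m)
        y_prev, y_cur = y_cur, (b * y_cur + a * y_prev) % m
    return out


if __name__ == "__main__":
    measured = brute_force_distribution(5, 3)
    predicted = table_ii_distribution(5, 3)
    for period in sorted(measured):
        print(period, measured[period], predicted.get(period))
    # Constructed sample parameters: a = 3 (unit), b = 10 in (5), x0 = 2.
    print(iprng_via_lfsr(2, 3, 10, 5, 3, 8) == iprng_direct(2, 3, 10, 5, 3, 8))
```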

V. Period distribution of IPRNGs with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in \mathbb{Z}_{p^e}^\times$ in $\mathbb{Z}_{p^e}$

When $a \in \mathbb{Z}_{p^e}^\times$ and $b \in \mathbb{Z}_{p^e}^\times$, the number of IPRNGs is
$(p - 1)^2 p^{3e-2}$. It helps to first get an impression of
what the period distribution with $a \in \mathbb{Z}_{p^e}^\times$ and $b \in (p)$ looks
like. Fig. 3 is a plot of the period distribution of IPRNGs (1)
with $a \in \mathbb{Z}_{5^3}^\times$ and $b \in \mathbb{Z}_{5^3}^\times$ in $\mathbb{Z}_{5^3}$. It can be seen from Fig. 3 that
the periods are distributed very sparsely: some exist and some do
not. In the following, the period distribution rules for $a \in \mathbb{Z}_{p^e}^\times$
and $b \in \mathbb{Z}_{p^e}^\times$ will be worked out analytically.

It follows from (6) that if $\alpha - \beta$ is a unit, then we are able
to obtain the general term of LFSR (5). Otherwise, we cannot
get its general term. Thus, the period distribution of
the IPRNGs is analyzed in the following two cases: A. $\alpha - \beta$
is a unit; B. $\alpha - \beta$ is zero or a zero divisor, where $\alpha, \beta$ are
roots of $f(t)$.

A. $\alpha - \beta$ is a unit

In this case, if $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$, then $\alpha, \beta \in \mathbb{Z}_{p^e}^\times$.
If $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$, then $f(t)$ must be reducible in
its extension ring $\mathbb{Z}_{p^e}[t]/(f(t))$. In the following, we will
consider the two subcases: 1) $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$;
2) $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$ but reducible in its extension
ring $\mathbb{Z}_{p^e}[t]/(f(t))$. In both subcases, a pair of $a, b$ is uniquely
determined by a pair of $\alpha, \beta$.

1) $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$: Let $\alpha = \sum_{i=0}^{e-1} c_i p^i$, $\beta =
\sum_{i=0}^{e-1} d_i p^i$ and $x_0 = \sum_{i=0}^{e-1} h_i p^i$, where $c_i, d_i, h_i \in \mathbb{Z}_p$; then it
follows from $\alpha - \beta$ being a unit that $c_0 \neq d_0$. For presentation
convenience, we denote $c_0 = \omega_1$, $d_0 = \omega_2$ and $h_0 = \pi$.

It follows from recurrence relation (5) that

$$y_{n+2} \equiv (\omega_1 + \omega_2) y_{n+1} - \omega_1 \omega_2 y_n \pmod{p}.$$

Let $x'_n = x_n \bmod p$ and $y'_n = y_n \bmod p$ for all $n = 1, 2, \ldots$. Then,
we obtain

$$y'_{n+2} = (\omega_1 + \omega_2) y'_{n+1} - \omega_1 \omega_2 y'_n. \qquad (8)$$

Similar to (6), we have the general term of (8)

$$y'_n = (\omega_1 - \omega_2)^{-1}\left((\pi - \omega_2)\omega_1^n + (\omega_1 - \pi)\omega_2^n\right).$$

If both $\pi - \omega_1 \neq 0$ and $\pi - \omega_2 \neq 0$, then $y'_n = 0$ if and only
if

$$(\omega_1 \omega_2^{-1})^n = (\pi - \omega_1)(\pi - \omega_2)^{-1}. \qquad (9)$$

For presentation convenience, we denote $\Omega =
\{\omega_1\omega_2^{-1}, (\omega_1\omega_2^{-1})^2, \ldots, (\omega_1\omega_2^{-1})^{\mathrm{ord}(\omega_1\omega_2^{-1})-1}\}$.

If $(\pi - \omega_1)(\pi - \omega_2)^{-1} \in \Omega$, there exists $1 \le n \le p - 1$ such
that (9) holds; thus, $S(x_0; a, b)$ must contain some elements in
$(p)$. If $(\pi - \omega_1)(\pi - \omega_2)^{-1} \notin \Omega$, there does not exist any $n$ such
that (9) holds; thus, $S(x_0; a, b)$ does not contain any element
in $(p)$.

On the other hand, if either $\pi - \omega_1 = 0$ or $\pi - \omega_2 = 0$, then
$y'_n \neq 0$ for all $n = 1, 2, \ldots$, which means that $S(x_0; a, b)$ does
not contain any element in $(p)$.

Now, we are ready to present our results on the period 
distribution of IPRNGs for this case. 

Proposition 4: Suppose /(f) is reducible in Z p , [t] and a-/3 
is a unit. If (71 - lo\)(ti - coi) 1 6 £2, then L(xo;a,b) traverses 
the set {k - 1 : k > 2,k | p — 1}. For each k, there are (k - 

l)(p - l)p 2e - 2 2 ti, ^T 1 IPRN G S of P eriod k - 1. 
Proof: Period analysis. 

Since b e Z p <- and b = a + /?, it holds that -f a + [}. 
Combining p \ a — /3, we have /? -f ayCT 1 - a -1 /?, which means 
that a>ia>2 1 + 0)^0)2. Again, since (oJiOJ 2 1 )(aJ 1 'w2) = 1, it is 
valid that <x>\lx^ + \,p—\ which means that md(<jj\uS^) > 2. 

If $(\pi - \omega_1)(\pi - \omega_2)^{-1} \in \Omega$, then $S(x_0; a, b)$ contains some
elements in $(p)$. Thus, $L(x_0; a, b) = L(b; a, b)$. Then, we
consider the case that $x_0 = b$, which means that $\pi = \omega_1 + \omega_2$.
By (9), we have $y'_n = 0$ if and only if $(\omega_1\omega_2^{-1})^{n+1} = 1$. Thus,
$n' = \mathrm{ord}(\omega_1\omega_2^{-1}) - 1$ is the smallest integer such that $y'_{n'} = 0$.
By Lemma 4, we have $x'_{n'-1} = 0$; thus, $x_{n'} = b$, which means
that $L(x_0; a, b) = \mathrm{ord}(\omega_1\omega_2^{-1}) - 1$. Since $\omega_1\omega_2^{-1} \in \mathbb{Z}_p$, it holds
that $\mathrm{ord}(\omega_1\omega_2^{-1}) \mid p - 1$. Hence, $L(x_0; a, b)$ traverses the set
$\{k - 1 : k > 2, k \mid p - 1\}$.
Counting. 

For L(xo;a,b) = k — 1, there are fc — 1 7r's such that (tt - 
wi)(7T-W2) _1 e O and p choices of for all / = 1,2, ...,e — 1. 
Thus, there are (fc - l)p e_1 choices of xo. 

Since c and /3 are roots of /(f), it can be verified that a/3' 1 
and a~ l /3 are roots of g(t) — t 2 + (a~ l b 2 + 2)f + 1. Therefore, 
a- l b 2 + 2 = a/3- 1 +a~ l /3. Thus, a = b 2 (a/r l + aT 1 /? - 2). Since 
/(f) is reducible in Z^[t], it is valid that ord( 0-/T 1 ) = £p', 
where 1 < i < e — 1. For each fc/V, there are ip(kp') elements 
whose order is kp' and there are different a/3~ l + a~ l /3-2 
's. Thus, there are 2f~o ^j-^ choices of a/3~ l + a~ l /3 - 2. 

As a result of ord(wi<w 2 1 ) > 2, we have a/T 1 + a~ l /3 - 2 is 
a unit. The number of choices of b is (p - l)p e_1 . Once b and 
a/3 1 +a~ l p-2 are chosen, a is uniquely determined. Hence, 
for each k, there are (k - l)(p - l)p 2 <- 2 Spj ^f - IPRNGs of 
period k — 1. The proof is completed. ■ 

Proposition 5: Suppose /(f) is reducible in Z p «. If (7r - 
«i)(7r- W2)~' £ Q, then L(xo;a,b) traverses the set {k = k\k 2 : 
2 < k\ < p — \,k\ I p — l,fe I p e_1 }. For each A;, there are 
(p - (M - l))(p - l)p 2e - 2 ^ IPRNGs of period k 
Proof: Period analysis. 

By recurrence relation (5), we can get that x„ = xq if 
and only if {a(3~ l Y l = 1. Thus, L(xo\a,b) - ord(a/8 _1 ). 
In Proposition 4, we have proven that ord(widL» 2 1 ) > 2. 
Since a/3~ l E ZJ,, it is valid that ord(a/J -1 ) traverse the set 
{k = k x k 2 :k x >2,h \p-hk 2 \p e - x }. 

Since $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$, it is valid that $S(x_0;a,b)$ does
not contain any element in $(p)$. Thus, $\omega_1\omega_2^{-1}$ is not a primitive
element in $\mathbb{Z}_p$, which means that $\mathrm{ord}(\omega_1\omega_2^{-1}) \neq p-1$. Hence,
$L(x_0;a,b)$ traverses the set
$\{k = k_1k_2 : 2 < k_1 < p-1,\ k_1 \mid p-1,\ k_2 \mid p^{e-1}\}$.

Counting. 

For each $L(x_0;a,b) = k$, there are $p-(k_1-1)$ $\pi$'s such
that $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$ and $p$ choices of $h_i$ for all
$i = 1, 2, \ldots, e-1$. Thus, there are $(p-(k_1-1))p^{e-1}$ choices of $x_0$.

The rest of the proof is the same as in Proposition
4; thus, we omit it. Finally, for each $k$, there are
(p - (ki - l))(p - l)p 2e - 2 ^ IPRNGs of period k. The proof 
is completed. ■ 

Proposition 6: Suppose $f(t)$ is reducible in $\mathbb{Z}_{p^e}[t]$ and $\alpha-\beta$
is a unit. If either $x_0-\alpha$ or $x_0-\beta$ is a zero, then $L(x_0;a,b) = 1$.
There are $(p-3)(p-1)p^{2e-2}$ IPRNGs of period 1. If either $x_0-\alpha$
or $x_0-\beta$ is a zero divisor, then $L(x_0;a,b)$ traverses the set
$\{k = k_1k_2 : k_1 > 2,\ k_1 \mid p-1,\ k_2 \mid p^{e-k_3-1},\ 1 \le k_3 \le e-1\}$. For
each $k_3$, there are $\varphi(k)(p-1)^2p^{2e-2}$ IPRNGs of period $k$.
Proof: Period analysis. 

If either xq - a or x$ - /3 is a zero, then y„ = x" y Thus, 
x„ = Xq for all n = 1,2,..., which means that L(xo;a,b) = 1. 

If either xq - a or Xq — >8 is a zero divisor, we suppose 
1 < £3 < e - 1 is the largest integer such that p kj \ x$ - a or 
p k} I xo ->8, then we can get that L(xo; a, fe) = rf k (afT ). Thus, 
L(x ;a,b) traverses the set = fci& 2 : ^1 > 2,^ | /? - l,fe 2 I 
p e-h-l tl <k 3 <e-l}. 



Counting. 

For L(xo',a,b) = 1, a,jS traverses all suitable elements in 
Z p e, i.e. both a -J3 and a + /3 are units, there are ^'^^ 1)p — 
pairs of $\alpha, \beta$. Once $\alpha, \beta$ are chosen, there are 2 choices of $x_0$.
Thus, there are $(p-3)(p-1)p^{2e-2}$ IPRNGs of period 1.

For L(xo;a,b) = k, since either p ki \ Xq — a or p ki \ xq -J3, 
it is valid that n = a)\ or n — aj 2 and p — 1 choices of for 

all j = fej + l,fe 3 + 2 e - 1. Thus, there are 2(p - l)p e - k ^ 1 

choices of xo altogether. 

Let a/3- 1 = ZZt 1 a 'P' + Since '7*,( Q 'r I ) = ^ 

there are ^>(fe) choices of rf k {a/3~ x ). Once rf k (af}~ ) is chosen, 
which means that a, for all i = 0, 1, . . . , e - kj - 1 are chosen, 
there are p choices of a, for all i = e - £3, e — kj + 1, . . . , e - 1, 
Thus, there are ip(k)p k:> choices of Q-/T 1 . Then, there are 3 
different $\alpha\beta^{-1} + \alpha^{-1}\beta - 2$'s. The number of choices of $b$ is
$(p-1)p^{e-1}$. Once $b$ and $\alpha\beta^{-1} + \alpha^{-1}\beta - 2$ are chosen, $a$ is
uniquely determined by $b^2(\alpha\beta^{-1} + \alpha^{-1}\beta - 2)^{-1}$. Hence, for each
$k$, there are $\varphi(k)(p-1)^2p^{2e-2}$ IPRNGs of period $k$. The proof
is completed. ■

2) $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$: In this case, $f(t)$ must be
reducible in $\mathbb{Z}_{p^e}[t]/(f(t))$. Since $p \nmid \alpha-\beta$, it is valid that
$t-\alpha$ and $t-\beta$ are coprime in $\mathbb{Z}_p$. Thus, by the Hensel's
lemma in ETI, we can get that $f(t)$ is a basic irreducible
polynomial in $\mathbb{Z}_{p^e}$. Therefore, $\mathbb{Z}_{p^e}[t]/(f(t))$ is a Galois ring
which is isomorphic with $R_{e,2}$.

Let $\alpha = \sum_{i=0}^{e-1} c_i p^i$, $\beta = \sum_{i=0}^{e-1} d_i p^i$ and $x_0 = \sum_{i=0}^{e-1} h_i p^i$, where
$c_i, d_i \in \Gamma_{e,2}$ and $h_i \in \mathbb{Z}_p$ for all $i = 0, 1, \ldots, e-1$; then it follows
from $\alpha-\beta$ being a unit that $c_0 \neq d_0$.

For presentation convenience, we also denote $c_0 = \omega_1$, $d_0 = \omega_2$
and $h_0 = \pi$.

Since both $\alpha$ and $\beta$ are not in $\mathbb{Z}_{p^e}$, it is valid that both $x_0-\alpha$
and $x_0-\beta$ are units, which means that both $\pi-\omega_1$ and $\pi-\omega_2$
are units. As discussed in Case A, we can get that if
$(\pi-\omega_1)(\pi-\omega_2)^{-1} \in \Omega$, then $S(x_0;a,b)$ must contain some
elements in $(p)$; if $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$, then $S(x_0;a,b)$
does not contain any element in $(p)$.

Now, we are ready to present our results on the period 
distribution of IPRNGs for this case. 

Proposition 7: Suppose $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$ and $p \nmid \alpha-\beta$.
If $(\pi-\omega_1)(\pi-\omega_2)^{-1} \in \Omega$, then $L(x_0;a,b)$ traverses the
set {k - 1 : k > 2,k | p + 1}. For each k, there are (k - l)(p - 
Y)p 2e - 2 ^f- IPRNGs of period Jfc-1. 
Proof: Period analysis. 

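Since $b \in \mathbb{Z}_{p^e}^{*}$ and $b = \alpha+\beta$, it holds that $p \nmid \alpha+\beta$.
Combining $p \nmid \alpha-\beta$, we have $p \nmid \alpha\beta^{-1} - \alpha^{-1}\beta$, which means
that $\omega_1\omega_2^{-1} \neq \omega_1^{-1}\omega_2$. Since $(\omega_1\omega_2^{-1})(\omega_1^{-1}\omega_2) = 1$, it is valid
that $\mathrm{ord}(\omega_1\omega_2^{-1}) > 2$.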

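Since $(\pi-\omega_1)(\pi-\omega_2)^{-1} \in \Omega$, it is valid that $S(x_0;a,b)$
contains some elements in $(p)$. Thus, $L(x_0;a,b) = L(b;a,b)$.
Thus, $L(x_0;a,b) = \mathrm{ord}(\omega_1\omega_2^{-1}) - 1$. Since $\omega_1\omega_2^{-1} \in \Gamma_{e,2}$, it must
hold that $\mathrm{ord}(\omega_1\omega_2^{-1}) \mid p^2-1$. Notice that $\alpha\beta^{-1} \notin \mathbb{Z}_{p^e}$. Since
$\mathbb{Z}_{p^e} \subset \mathbb{Z}_{p^e}[t]/(f(t))$, it is valid that all units in $\mathbb{Z}_{p^e}$ are contained
in $\mathbb{Z}_{p^e}[t]/(f(t))$, which means that $\mathrm{ord}(\omega_1\omega_2^{-1}) \nmid p-1$. Thus,
$\mathrm{ord}(\omega_1\omega_2^{-1}) \mid p+1$. Hence, $L(x_0;a,b)$ traverses the set
$\{k-1 : k > 2,\ k \mid p+1\}$.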

Counting. 

For $L(x_0;a,b) = k$, there are $k-1$ $\pi$'s such that
$(\pi-\omega_1)(\pi-\omega_2)^{-1} \in \Omega$ and $p$ choices of $h_i$ for all $i = 1, 2, \ldots, e-1$. Thus,
there are $(k-1)p^{e-1}$ choices of $x_0$.

Since a and B are roots of /(f), it can be verified that a/3~ l 
and a~ l B are roots of g(t) — t 2 + (a~ l b 2 + 2)f + 1. Therefore, 
a- l b 2 +2 = a/3- 1 +a- 1 /3. Thus, a = b 2 (a/3- 1 + a- l B-2). By the 
theory of Galois rings, a/3^ 1 can be expressed as a/3~ l = xy, 
where x e F e ^ and y e 1 + (p). Thus, ord(a)3 _1 ) = kp', where 
1 < i < e — 1. For each kp', there are ifi{kp') elements whose 
order is kp' and there are different a/3~ l + a~ l /3 - 2 's. 
Thus, there are 2-=o ^ choices of or/T 1 + or" 1 /? - 2. 

As a result of $\mathrm{ord}(\omega_1\omega_2^{-1}) > 2$, $\alpha\beta^{-1} + \alpha^{-1}\beta - 2$ is
a unit. The number of choices of $b$ is $(p-1)p^{e-1}$. Once $b$ and
$\alpha\beta^{-1} + \alpha^{-1}\beta - 2$ are chosen, $a$ is uniquely determined. Hence,
for each k, there are (k - l)(p - l)p 2 <- 2 2X0 ^ IPRN Gs of 
period k. The proof is completed. ■ 

Proposition 8: Suppose $f(t)$ is irreducible in $\mathbb{Z}_{p^e}[t]$ and $p \nmid \alpha-\beta$.
If $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$, then $L(x_0;a,b)$ traverses the
set $\{k = k_1k_2 : 2 < k_1 < p+1,\ k_1 \mid p+1,\ k_2 \mid p^{e-1}\}$. For each $k$,
there are (p - (ki - l))(p - l)^p 2f - 2 IPRNGs of period k. 
Proof: Period analysis. 

By the proof of Proposition 7, we can get that $\mathrm{ord}(\omega_1\omega_2^{-1}) > 2$.

Since $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$, it is valid that $S(x_0;a,b)$ does
not contain any element in $(p)$. Thus, $L(x_0;a,b) = \mathrm{ord}(\alpha\beta^{-1})$.
In this case, $(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$. Thus, $\mathrm{ord}(\omega_1\omega_2^{-1}) \neq p+1$.
By the proof of Proposition 7, we have $\mathrm{ord}(\omega_1\omega_2^{-1}) \mid p+1$. By
the theory of Galois rings, $\alpha\beta^{-1}$ can be expressed as $\alpha\beta^{-1} = xy$,
where $x \in \Gamma_{e,2}$ and $y \in 1+(p)$. Thus, $\mathrm{ord}(\alpha\beta^{-1})$ traverses the
set $\{k = k_1k_2 : 2 < k_1 < p+1,\ k_1 \mid p+1,\ k_2 \mid p^{e-1}\}$, so does
$L(x_0;a,b)$.

Counting. 

For $L(x_0;a,b) = k$, there are $p-(k_1-1)$ $\pi$'s such that
$(\pi-\omega_1)(\pi-\omega_2)^{-1} \notin \Omega$. There are $p$ choices of $h_i$ for all
$i = 1, 2, \ldots, e-1$. Thus, there are $(p-(k_1-1))p^{e-1}$ choices of $x_0$.

The rest of the counting process is the same as in
Proposition 7, thus, we omit it. There are (p - (k t - l))(p - 
l)^Y-p 2e ^ 2 IPRNGs of period k. The proof is completed. ■ 

B. $\alpha - \beta$ Is a Zero or a Zero Divisor

Denote $R = \mathbb{Z}_{p^e}[t]/(f(t))$. Let $\psi$ be the natural homomorphism
between $R$ and $R/pR$. If $p \mid \alpha-\beta$, then it holds
that $\psi(\alpha-\beta) = \psi(\alpha) - \psi(\beta) = 0$. By the analysis in Q,
we can get that $R/pR$ is isomorphic with $GF(p^2)$. Thus,
$\psi(\alpha) = \psi(\beta) = \omega + pR$, where $\omega \in \mathbb{Z}_p$. Since $a = -\alpha\beta$ and
$b = \alpha+\beta$, it holds that $f(t) = t^2 - 2\omega t + \omega^2$ in $\mathbb{Z}_p$, which means
that $f(t)$ is not a basic irreducible polynomial in $\mathbb{Z}_{p^e}$. Thus, $R$
is not a Galois ring.

Denote $x_0 = \pi + \sum_{i=1}^{e-1} h_i p^i$, where $\pi, h_i \in \mathbb{Z}_p$ for all
$i = 1, 2, \ldots, e-1$. Then, it follows from recurrence relation (5)
that

$$y_{n+2} = 2\omega y_{n+1} - \omega^2 y_n \pmod{p}.$$

Let $x'_n = x_n \bmod p$ and $y'_n = y_n \bmod p$ for all $n = 0, 1, \ldots$. Then,
we obtain

$$y'_{n+2} = 2\omega y'_{n+1} - \omega^2 y'_n. \quad (10)$$

Similar to (6), we have the general term of (10)

$$y'_n = \omega^n\left(n(\omega^{-1}\pi - 1) + 1\right). \quad (11)$$



Thus, if $\pi-\omega$ is a unit, then $y'_n$ must contain 0, which means
that $S(x_0;a,b)$ must contain some elements in $(p)$; otherwise,
$y'_n$ does not contain 0, which means that $S(x_0;a,b)$ does not
contain any element in $(p)$.

Now, we are ready to present our results on the period 
distribution of IPRNGs for this case. 

Proposition 9: Suppose $p \mid \alpha-\beta$. If $\pi-\omega \neq 0$, then
$L(x_0;a,b) = p-1$. There are $(p-1)^2p^{3e-3}$ IPRNGs of period
$p-1$.

Proof: Period analysis. 

Since $\pi-\omega \neq 0$, it is valid that $S(x_0;a,b)$ contains some
elements in $(p)$. Thus, $L(x_0;a,b) = L(b;a,b)$. Then, we
consider the case that $x_0 = b$, which means that $\pi = 2\omega$.
By (11), we can get that $y'_n = (n+1)\omega^n$. Thus, $n' = p-1$ is
the smallest integer such that $y'_{n'} = 0$. It follows from Lemma
4 that $x'_{n'-1} = 0$, which means that $x_{n'-1} \in (p)$. Thus, $x_{n'} = b$,
which means that $L(b;a,b) = p-1$, so does $L(x_0;a,b)$.

Counting. 

For $L(x_0;a,b) = p-1$, since $a, b \in \mathbb{Z}_{p^e}^{*}$, it must hold that
$\omega \in \mathbb{Z}_p^{*}$. Thus, there are $p-1$ choices of $\omega$. Once $\omega$ is chosen,
there are $p^{e-1}$ choices of $a, b$, respectively. Since $S(x_0;a,b)$
contains some elements in $(p)$, it is valid that $\pi-\omega$ is a unit,
there are $p-1$ choices of $\pi$, thus, there are $(p-1)p^{e-1}$ choices
of $x_0$. Hence, there are $(p-1)^2p^{3e-3}$ IPRNGs of period $p-1$.
The proof is completed. ■

Proposition 10: Suppose $p \mid \alpha-\beta$. If either $x_0-\alpha$ or $x_0-\beta$
is a zero, then $L(x_0;a,b) = 1$. There are $(p-1)p^{2e-2}$ IPRNGs
of period 1. If both $x_0-\alpha$ and $x_0-\beta$ are zero divisors, then
$L(x_0;a,b)$ traverses the set $\{p^{e-k} : 1 \le k \le e-1\}$. For each $k$, there
are $(p-1)^2p^{3e-k-3}$ IPRNGs of period $p^{e-k}$.
Proof: Period analysis. 

If $\pi-\omega = 0$, then $S(x_0;a,b)$ does not contain any element
in $(p)$. Thus, $x_n = x_0$ if and only if

$$(\alpha^{n-1} + \alpha^{n-2}\beta + \cdots + \beta^{n-1})(x_0-\alpha)(x_0-\beta) = 0. \quad (12)$$

Since $\psi(\alpha) = \psi(\beta) = \omega + pR$, we denote $\alpha = \omega + px$ and
$\beta = \omega + py$, where $x, y \in R$. Thus, by simple calculation, we
can get that

(a"- 1 + a"- 2 B +■■■+ B"- 1 ) = nu + npz, (13) 

where z is an element in R. 

If either $x_0-\alpha$ or $x_0-\beta$ is a zero, which means that
$(x_0-\alpha)(x_0-\beta) = 0$, then the smallest $n$ such that (12) holds is 1.
Thus, $L(x_0;a,b) = 1$.

If both $x_0-\alpha$ and $x_0-\beta$ are zero divisors, we have
$p \mid (x_0-\alpha)(x_0-\beta)$. Thus, we suppose $1 \le k \le e-1$ is the largest
integer such that $p^k \mid (x_0-\alpha)(x_0-\beta)$. Then $n = p^{e-k}$ is the
smallest integer such that (13) holds. Thus, $L(x_0;a,b) = p^{e-k}$.

Counting. 

For $L(x_0;a,b) = 1$, we have either $x_0-\alpha$ or $x_0-\beta$ is a
zero. Since $\alpha, \beta \in \mathbb{Z}_{p^e}^{*}$, it is valid that there are $(p-1)p^{e-1}$
choices of $\alpha$. Once $\alpha$ is chosen, if $\beta = \alpha$, then $\beta$ and $x_0$
are uniquely determined by a chosen $\alpha$. Therefore, there are
$(p-1)p^{e-1}$ IPRNGs of period 1 for this case. If $\alpha-\beta$ is a zero
divisor, then there are $p^{e-1}-1$ choices of $\beta$. Thus, there are
$\frac{(p-1)p^{e-1}(p^{e-1}-1)}{2}$ pairs of $\alpha, \beta$. Once $\alpha, \beta$ are chosen, there are 2
choices of $x_0$. Thus, there are $(p-1)p^{e-1}(p^{e-1}-1)$ IPRNGs of
TABLE IV

Period distribution of IPRNGs with $a \in \mathbb{Z}_{p^e}^{*}$ and $b \in \mathbb{Z}_{p^e}^{*}$ in $\mathbb{Z}_{p^e}$

| Periods | Number of IPRNGs |
|---|---|
| $1$ | $(p-2)(p-1)p^{2e-2}$ |
| $p-1$ | $(p-1)^2p^{3e-3}$ |
| $\{k-1 : k > 2,\ k \mid p-1\}$ | (t-i)(P-i)P 2 '- 2 S: '^ |
| $\{k-1 : k > 2,\ k \mid p+1\}$ | (k- ixp-Dp 2 - 2 2Co |
| $\{k = k_1k_2 : 2 < k_1 < p-1,\ k_1 \mid p-1,\ k_2 \mid p^{e-1}\}$ | (p - (*, - l))(p - l)^p 2 <- 2 |
| $\{k = k_1k_2 : k_1 > 2,\ k_1 \mid p-1,\ k_2 \mid p^{e-k_3-1},\ 1 \le k_3 \le e-1\}$ | $\varphi(k)(p-1)^2p^{2e-2}$ |
| $\{k = k_1k_2 : 2 < k_1 < p+1,\ k_1 \mid p+1,\ k_2 \mid p^{e-1}\}$ | (P-(*1-1))(P-1)*£V'- 2 |
| $\{p^{e-k} : 1 \le k \le e-1\}$ | $(p-1)^2p^{3e-k-3}$ |

TABLE V

Period distribution of IPRNGs with $a \in \mathbb{Z}_{5^3}^{*}$ and $b \in \mathbb{Z}_{5^3}^{*}$ in $\mathbb{Z}_{5^3}$

| Periods | Number of IPRNGs |
|---|---|
| 1 | 7500 |
| 2 | 125000 |
| 3 | 195000 |
| 4 | 290000 |
| 5 | 322500 |
| 10 | 30000 |
| 20 | 80000 |
| 25 | 50000 |
| 75 | 150000 |

period 1 for this case. Hence, there are $(p-1)p^{2e-2}$ IPRNGs
of period 1.

For $L(x_0;a,b) = p^{e-k}$, we have $p^k \mid (x_0-\alpha)(x_0-\beta)$. Thus,
there exists $\alpha', \beta' \in \mathbb{Z}_{p^e}^{*}$ such that
$(x_0-\alpha)(x_0-\beta) = (x_0-\alpha')(x_0-\beta') + \sum_{i=k}^{e-1} c_i p^i$,
where $(x_0-\alpha')(x_0-\beta') = 0$, $c_k \in \mathbb{Z}_p^{*}$ and $c_i \in \mathbb{Z}_p$
for all $i = k+1, k+2, \ldots, e-1$. By the counting process of
$L(x_0;a,b) = 1$, we have there are $(p-1)p^{2e-2}$ $(x_0-\alpha')(x_0-\beta')$'s
with $(x_0-\alpha')(x_0-\beta') = 0$. Once $x_0, \alpha, \beta$ are chosen, there are
$p-1$ choices of $c_k$, $p$ choices of $c_i$ for all $i = k+1, k+2, \ldots, e-1$.
Thus, there are $(p-1)p^{e-k-1}$ choices of $c_ip^i$'s. Hence,
there are $(p-1)^2p^{3e-k-3}$ IPRNGs of period $p^{e-k}$. The proof is
completed. ■

Theorem 3: For IPRNGs with $a \in \mathbb{Z}_{p^e}^{*}$ and $b \in \mathbb{Z}_{p^e}^{*}$, the
possible periods and the number of each special period are
given in Table IV.

Remark 2: It should be mentioned that $p > 3$ is an important
condition in Theorem 3, because some periods require
$k > 2$, $k \mid p-1$, which implies that $p > 3$.

Example 2: The following example is given to compare the
experimental and theoretical results. A computer program
has been written to exhaust all possible IPRNGs with $a \in \mathbb{Z}_{5^3}^{*}$
and $b \in \mathbb{Z}_{5^3}^{*}$ in $\mathbb{Z}_{5^3}$ and find the period by brute force; the results
are shown in Fig. 3.

Table V lists the complete result we have obtained. It 
provides full information on the period distribution of the 
IPRNGs. As it is shown in Fig. 3 and Table V, the theoretical 
and experimental results fit well. The maximal period is 75 
while the minimal period is 1. The analysis process also 
indicates how to choose the parameters and the initial values 
such that the IPRNGs fit specific periods. 
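The exhaustive search of Example 2 can be reproduced with a short program. The following is an added example, not the authors' program: it assumes the generator is $x_{n+1} = a x_n^{-1} + b$ when $x_n$ is a unit and $x_{n+1} = b$ when $x_n \in (p)$ (the convention the proofs use), takes the period to be the length of the cycle eventually reached from $x_0$, and uses function names chosen here.

```python
from collections import Counter

def cycle_lengths(nxt):
    """For every state x0, length of the cycle eventually reached under nxt."""
    length = [0] * len(nxt)              # 0 = not resolved yet
    for start in range(len(nxt)):
        path, pos, x = [], {}, start
        while length[x] == 0 and x not in pos:
            pos[x] = len(path)
            path.append(x)
            x = nxt[x]
        # x is already resolved, or it closes a new cycle inside this path
        found = length[x] or len(path) - pos[x]
        for y in path:
            length[y] = found
    return length

def period_distribution(p, e):
    """Counter {period: number of IPRNGs (a, b, x0)} over Z_{p^e}."""
    m = p ** e
    units = [u for u in range(m) if u % p]
    inv = [0] * m                        # 0 marks a non-unit (no inverse)
    for u in units:
        inv[u] = pow(u, -1, m)           # modular inverse, Python 3.8+
    dist = Counter()
    for a in units:
        for b in units:
            # Assumed map: x -> a*x^{-1} + b on units, x -> b on non-units.
            nxt = [(a * inv[x] + b) % m if inv[x] else b for x in range(m)]
            dist.update(cycle_lengths(nxt))
    return dist

def period_one_count(p, e):
    """Table IV entry for period 1: (p-2)(p-1)p^(2e-2)."""
    return (p - 2) * (p - 1) * p ** (2 * e - 2)

if __name__ == "__main__":
    dist = period_distribution(5, 3)     # the Z_{5^3} case of Example 2
    for period in sorted(dist):
        print(period, dist[period])
```

Each $(a, b)$ pair is handled as one functional graph on the $p^e$ states, so the $\mathbb{Z}_{5^3}$ run finishes in seconds; the printed counts can be set beside Table V.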



VI. Conclusion 

The period distribution of the IPRNGs over $(\mathbb{Z}_{p^e}, +, \times)$ for
prime $p > 3$ and integer $e > 2$ has been analyzed. Full
information on the period distribution of IPRNGs is obtained
by some analytical approaches. The analysis process also
indicates how to choose the parameters and the initial values
such that the IPRNGs fit specific periods.